npm - @tt-a1i/hive - Versions diffs - 1.7.0 → 2.0.2 - Mend

@tt-a1i/hive 1.7.0 → 2.0.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (251) hide show

package/CHANGELOG.md +60 -0
package/README.en.md +73 -11
package/README.md +41 -8
package/dist/src/cli/hive-remote.d.ts +46 -0
package/dist/src/cli/hive-remote.js +257 -0
package/dist/src/cli/hive-update.js +7 -2
package/dist/src/cli/hive.d.ts +6 -0
package/dist/src/cli/hive.js +64 -0
package/dist/src/cli/team.d.ts +22 -0
package/dist/src/cli/team.js +255 -5
package/dist/src/server/agent-command-resolver.js +10 -3
package/dist/src/server/agent-exit-classification.d.ts +6 -0
package/dist/src/server/agent-exit-classification.js +6 -0
package/dist/src/server/agent-manager-support.d.ts +2 -1
package/dist/src/server/agent-manager-support.js +59 -15
package/dist/src/server/agent-manager.d.ts +3 -0
package/dist/src/server/agent-manager.js +22 -7
package/dist/src/server/agent-run-bootstrap.d.ts +14 -0
package/dist/src/server/agent-run-bootstrap.js +11 -4
package/dist/src/server/agent-run-exit-handler.js +14 -8
package/dist/src/server/agent-run-starter.d.ts +3 -1
package/dist/src/server/agent-run-starter.js +22 -5
package/dist/src/server/agent-run-sync.js +13 -5
package/dist/src/server/agent-runtime-types.d.ts +1 -0
package/dist/src/server/agent-runtime.d.ts +2 -1
package/dist/src/server/agent-runtime.js +9 -2
package/dist/src/server/agent-startup-instructions.d.ts +2 -1
package/dist/src/server/agent-startup-instructions.js +8 -4
package/dist/src/server/agent-stdin-dispatcher.d.ts +4 -2
package/dist/src/server/agent-stdin-dispatcher.js +35 -3
package/dist/src/server/command-preset-defaults.d.ts +6 -1
package/dist/src/server/command-preset-defaults.js +56 -0
package/dist/src/server/fs-browse.d.ts +2 -0
package/dist/src/server/fs-browse.js +165 -31
package/dist/src/server/fs-pick-folder.js +6 -69
package/dist/src/server/fs-sandbox.d.ts +5 -3
package/dist/src/server/fs-sandbox.js +5 -3
package/dist/src/server/hive-team-guidance.js +18 -6
package/dist/src/server/machine-name.d.ts +2 -0
package/dist/src/server/machine-name.js +13 -0
package/dist/src/server/open-target-commands.d.ts +1 -0
package/dist/src/server/open-target-commands.js +4 -1
package/dist/src/server/orchestrator-autostart.js +1 -1
package/dist/src/server/platform-path.d.ts +1 -0
package/dist/src/server/platform-path.js +14 -1
package/dist/src/server/post-start-input-writer.js +50 -13
package/dist/src/server/preset-launch-support.js +1 -0
package/dist/src/server/recovery-summary.d.ts +2 -1
package/dist/src/server/recovery-summary.js +2 -1
package/dist/src/server/remote-audit-store.d.ts +51 -0
package/dist/src/server/remote-audit-store.js +108 -0
package/dist/src/server/remote-config-keys.d.ts +17 -0
package/dist/src/server/remote-config-keys.js +27 -0
package/dist/src/server/remote-control-constants.d.ts +30 -0
package/dist/src/server/remote-control-constants.js +29 -0
package/dist/src/server/remote-device-session.d.ts +40 -0
package/dist/src/server/remote-device-session.js +22 -0
package/dist/src/server/remote-device-store.d.ts +36 -0
package/dist/src/server/remote-device-store.js +67 -0
package/dist/src/server/remote-frame-bridge.d.ts +102 -0
package/dist/src/server/remote-frame-bridge.js +791 -0
package/dist/src/server/remote-gateway-client.d.ts +14 -0
package/dist/src/server/remote-gateway-client.js +36 -0
package/dist/src/server/remote-loopback-auth.d.ts +6 -0
package/dist/src/server/remote-loopback-auth.js +112 -0
package/dist/src/server/remote-pairing-tunnel.d.ts +59 -0
package/dist/src/server/remote-pairing-tunnel.js +146 -0
package/dist/src/server/remote-pairing.d.ts +58 -0
package/dist/src/server/remote-pairing.js +237 -0
package/dist/src/server/remote-tunnel.d.ts +113 -0
package/dist/src/server/remote-tunnel.js +514 -0
package/dist/src/server/restart-policy-support.d.ts +4 -1
package/dist/src/server/restart-policy-support.js +3 -1
package/dist/src/server/restart-policy.d.ts +1 -1
package/dist/src/server/restart-policy.js +19 -3
package/dist/src/server/route-types.d.ts +1 -1
package/dist/src/server/routes-dispatches.js +1 -1
package/dist/src/server/routes-fs.js +3 -3
package/dist/src/server/routes-marketplace.js +2 -2
package/dist/src/server/routes-open-workspace.js +1 -1
package/dist/src/server/routes-remote.d.ts +2 -0
package/dist/src/server/routes-remote.js +166 -0
package/dist/src/server/routes-runtime.js +6 -6
package/dist/src/server/routes-settings.js +16 -16
package/dist/src/server/routes-tasks.js +2 -2
package/dist/src/server/routes-team-memory.d.ts +2 -0
package/dist/src/server/routes-team-memory.js +154 -0
package/dist/src/server/routes-team-recall.d.ts +2 -0
package/dist/src/server/routes-team-recall.js +119 -0
package/dist/src/server/routes-team.js +31 -9
package/dist/src/server/routes-ui.js +11 -1
package/dist/src/server/routes-workflow-schedules.js +3 -3
package/dist/src/server/routes-workflows.js +5 -5
package/dist/src/server/routes-workspace-memory-dreams.d.ts +2 -0
package/dist/src/server/routes-workspace-memory-dreams.js +105 -0
package/dist/src/server/routes-workspace-memory.d.ts +2 -0
package/dist/src/server/routes-workspace-memory.js +215 -0
package/dist/src/server/routes-workspaces.js +9 -9
package/dist/src/server/routes.js +10 -0
package/dist/src/server/runtime-database.d.ts +1 -0
package/dist/src/server/runtime-database.js +27 -2
package/dist/src/server/runtime-restart-policy.d.ts +3 -1
package/dist/src/server/runtime-restart-policy.js +2 -1
package/dist/src/server/runtime-store-contract.d.ts +37 -0
package/dist/src/server/runtime-store-dream.d.ts +23 -0
package/dist/src/server/runtime-store-dream.js +16 -0
package/dist/src/server/runtime-store-helpers.d.ts +20 -0
package/dist/src/server/runtime-store-helpers.js +81 -7
package/dist/src/server/runtime-store-memory.d.ts +33 -0
package/dist/src/server/runtime-store-memory.js +37 -0
package/dist/src/server/runtime-store-remote.d.ts +5 -0
package/dist/src/server/runtime-store-remote.js +45 -0
package/dist/src/server/runtime-store-workflows.js +2 -0
package/dist/src/server/runtime-store.js +14 -3
package/dist/src/server/session-capture-claude.d.ts +1 -1
package/dist/src/server/session-capture-claude.js +7 -4
package/dist/src/server/session-capture-codex.js +4 -5
package/dist/src/server/session-capture-gemini.js +4 -5
package/dist/src/server/session-capture-opencode.d.ts +4 -4
package/dist/src/server/session-capture-opencode.js +20 -12
package/dist/src/server/session-capture-qwen.d.ts +5 -0
package/dist/src/server/session-capture-qwen.js +104 -0
package/dist/src/server/session-capture.d.ts +17 -0
package/dist/src/server/session-capture.js +16 -0
package/dist/src/server/sqlite-schema-v23.d.ts +2 -0
package/dist/src/server/sqlite-schema-v23.js +43 -0
package/dist/src/server/sqlite-schema-v24.d.ts +2 -0
package/dist/src/server/sqlite-schema-v24.js +34 -0
package/dist/src/server/sqlite-schema-v25.d.ts +2 -0
package/dist/src/server/sqlite-schema-v25.js +127 -0
package/dist/src/server/sqlite-schema-v26.d.ts +2 -0
package/dist/src/server/sqlite-schema-v26.js +56 -0
package/dist/src/server/sqlite-schema-v27.d.ts +6 -0
package/dist/src/server/sqlite-schema-v27.js +92 -0
package/dist/src/server/sqlite-schema-v28.d.ts +2 -0
package/dist/src/server/sqlite-schema-v28.js +19 -0
package/dist/src/server/sqlite-schema-v29.d.ts +2 -0
package/dist/src/server/sqlite-schema-v29.js +27 -0
package/dist/src/server/sqlite-schema-v30.d.ts +2 -0
package/dist/src/server/sqlite-schema-v30.js +27 -0
package/dist/src/server/sqlite-schema-v31.d.ts +2 -0
package/dist/src/server/sqlite-schema-v31.js +30 -0
package/dist/src/server/sqlite-schema.d.ts +1 -1
package/dist/src/server/sqlite-schema.js +49 -1
package/dist/src/server/startup-command-parser.js +5 -1
package/dist/src/server/tasks-file-watcher.d.ts +2 -0
package/dist/src/server/tasks-file-watcher.js +15 -6
package/dist/src/server/tasks-file.js +30 -5
package/dist/src/server/tasks-websocket-server.js +4 -0
package/dist/src/server/team-authz.d.ts +1 -1
package/dist/src/server/team-authz.js +13 -1
package/dist/src/server/team-list-enrichment.js +3 -1
package/dist/src/server/team-memory-digest.d.ts +52 -0
package/dist/src/server/team-memory-digest.js +200 -0
package/dist/src/server/team-memory-dream-applier.d.ts +5 -0
package/dist/src/server/team-memory-dream-applier.js +234 -0
package/dist/src/server/team-memory-dream-http-serializers.d.ts +13 -0
package/dist/src/server/team-memory-dream-http-serializers.js +12 -0
package/dist/src/server/team-memory-dream-ops.d.ts +40 -0
package/dist/src/server/team-memory-dream-ops.js +153 -0
package/dist/src/server/team-memory-dream-reverter.d.ts +22 -0
package/dist/src/server/team-memory-dream-reverter.js +221 -0
package/dist/src/server/team-memory-dream-run-store.d.ts +23 -0
package/dist/src/server/team-memory-dream-run-store.js +211 -0
package/dist/src/server/team-memory-dream-runner.d.ts +37 -0
package/dist/src/server/team-memory-dream-runner.js +178 -0
package/dist/src/server/team-memory-dream-scheduler.d.ts +32 -0
package/dist/src/server/team-memory-dream-scheduler.js +115 -0
package/dist/src/server/team-memory-dream-store.d.ts +19 -0
package/dist/src/server/team-memory-dream-store.js +16 -0
package/dist/src/server/team-memory-dream-types.d.ts +104 -0
package/dist/src/server/team-memory-dream-types.js +23 -0
package/dist/src/server/team-memory-export.d.ts +22 -0
package/dist/src/server/team-memory-export.js +220 -0
package/dist/src/server/team-memory-feature.d.ts +12 -0
package/dist/src/server/team-memory-feature.js +12 -0
package/dist/src/server/team-memory-http-serializers.d.ts +102 -0
package/dist/src/server/team-memory-http-serializers.js +46 -0
package/dist/src/server/team-memory-injection.d.ts +31 -0
package/dist/src/server/team-memory-injection.js +49 -0
package/dist/src/server/team-memory-store.d.ts +116 -0
package/dist/src/server/team-memory-store.js +513 -0
package/dist/src/server/team-operations.d.ts +5 -1
package/dist/src/server/team-operations.js +46 -16
package/dist/src/server/team-recall-store.d.ts +38 -0
package/dist/src/server/team-recall-store.js +205 -0
package/dist/src/server/terminal-input-profile.d.ts +1 -1
package/dist/src/server/terminal-input-profile.js +18 -0
package/dist/src/server/terminal-ws-server.js +6 -0
package/dist/src/server/ui-auth-helpers.d.ts +1 -1
package/dist/src/server/ui-auth-helpers.js +7 -1
package/dist/src/server/ui-auth.d.ts +3 -0
package/dist/src/server/ui-auth.js +21 -1
package/dist/src/server/workflow-cli-policy.d.ts +2 -3
package/dist/src/server/workflow-cli-policy.js +3 -3
package/dist/src/server/workflow-runner.d.ts +1 -0
package/dist/src/server/workflow-runner.js +9 -4
package/dist/src/server/workspace-path-validation.js +6 -2
package/dist/src/server/workspace-store.d.ts +1 -1
package/dist/src/server/workspace-store.js +35 -9
package/dist/src/shared/fs-browse.d.ts +1 -0
package/dist/src/shared/fs-browse.js +1 -0
package/dist/src/shared/path-input.d.ts +12 -0
package/dist/src/shared/path-input.js +22 -0
package/dist/src/shared/remote-bridge-routing.d.ts +19 -0
package/dist/src/shared/remote-bridge-routing.js +141 -0
package/dist/src/shared/remote-crypto.d.ts +138 -0
package/dist/src/shared/remote-crypto.js +427 -0
package/dist/src/shared/remote-pairing-code.d.ts +7 -0
package/dist/src/shared/remote-pairing-code.js +47 -0
package/dist/src/shared/remote-protocol.d.ts +160 -0
package/dist/src/shared/remote-protocol.js +526 -0
package/dist/src/shared/team-memory.d.ts +11 -0
package/dist/src/shared/team-memory.js +10 -0
package/dist/src/shared/team-recall.d.ts +1 -0
package/dist/src/shared/team-recall.js +1 -0
package/dist/src/shared/types.d.ts +4 -5
package/package.json +12 -5
package/scripts/postinstall-native-artifacts.mjs +113 -0
package/web/dist/assets/AddWorkerDialog-CbV75qUX.js +2 -0
package/web/dist/assets/AddWorkspaceFlow-CwV-7wPx.js +1 -0
package/web/dist/assets/FirstRunWizard-a6PWIK3x.js +1 -0
package/web/dist/assets/MarketplaceDrawer-Dd8WIA8T.js +67 -0
package/web/dist/assets/TaskGraphDrawer-Bk5WFIk_.js +1 -0
package/web/dist/assets/{WhatsNewDialog-CHkZeINH.js → WhatsNewDialog-C2VZaip0.js} +1 -1
package/web/dist/assets/WorkerModal-DucW-9YT.js +1 -0
package/web/dist/assets/WorkflowsDrawer-Bjf4olbR.js +1 -0
package/web/dist/assets/WorkspaceMemoryDrawer-DglCy_5f.js +1 -0
package/web/dist/assets/WorkspaceTaskDrawer-BIWwISvA.js +1 -0
package/web/dist/assets/index-BAiLYajK.css +1 -0
package/web/dist/assets/index-BV2k9Dts.js +73 -0
package/web/dist/assets/search-Bk2HQvO7.js +1 -0
package/web/dist/assets/square-terminal-D93m9hfY.js +1 -0
package/web/dist/cli-icons/agy.png +0 -0
package/web/dist/cli-icons/cursor.ico +0 -0
package/web/dist/cli-icons/grok.ico +0 -0
package/web/dist/cli-icons/qwen.png +0 -0
package/web/dist/index.html +8 -3
package/web/dist/sw.js +1 -1
package/scripts/fix-runtime-artifacts.mjs +0 -33
package/web/dist/assets/AddWorkerDialog-BRUxpa3f.js +0 -2
package/web/dist/assets/AddWorkspaceDialog-D56x5JCb.js +0 -1
package/web/dist/assets/FirstRunWizard-BFVaMIsE.js +0 -1
package/web/dist/assets/MarketplaceDrawer-DeEZ35dN.js +0 -76
package/web/dist/assets/WorkerModal-BBCuMLIa.js +0 -1
package/web/dist/assets/WorkspaceTaskDrawer-CpZHAcj1.js +0 -1
package/web/dist/assets/WorkspaceTerminalPanels-7If2mDyp.js +0 -1
package/web/dist/assets/WorkspaceTerminalPanels-DDGTF8rc.css +0 -1
package/web/dist/assets/index-5zh61jMg.css +0 -1
package/web/dist/assets/index-CxNL0O-C.js +0 -73
package/web/dist/assets/path-join-7MR1s7b1.js +0 -1

package/dist/src/server/remote-device-store.js ADDED Viewed

@@ -0,0 +1,67 @@
+import { fromBase64Url, toBase64Url } from '../shared/remote-crypto.js';
+const toRecord = (row) => ({
+    id: row.id,
+    name: row.name,
+    createdAt: row.created_at,
+    lastActive: row.last_active,
+    revokedAt: row.revoked_at,
+});
+const toSession = (row) => ({
+    deviceId: row.id,
+    keys: { d2p: fromBase64Url(row.key_d2p), p2d: fromBase64Url(row.key_p2d) },
+});
+export const createRemoteDeviceStore = (db) => {
+    const insertStmt = db.prepare(`INSERT INTO remote_devices
+       (id, name, key_d2p, key_p2d, device_pubkey, created_at, last_active, revoked_at)
+     VALUES (?, ?, ?, ?, ?, ?, NULL, NULL)`);
+    // Note: the SELECT projections for the metadata path deliberately OMIT key_d2p/key_p2d/device_pubkey
+    // so key material can never escape through list()/get() (invariant 7).
+    const getMetaStmt = db.prepare(`SELECT id, name, created_at, last_active, revoked_at FROM remote_devices WHERE id = ?`);
+    const listStmt = db.prepare(`SELECT id, name, created_at, last_active, revoked_at
+       FROM remote_devices
+      ORDER BY created_at DESC, id DESC`);
+    const listActiveStmt = db.prepare(`SELECT id, name, created_at, last_active, revoked_at
+       FROM remote_devices
+      WHERE revoked_at IS NULL
+      ORDER BY created_at DESC, id DESC`);
+    const liveSessionStmt = db.prepare(`SELECT id, key_d2p, key_p2d FROM remote_devices WHERE id = ? AND revoked_at IS NULL`);
+    const liveSessionsStmt = db.prepare(`SELECT id, key_d2p, key_p2d FROM remote_devices WHERE revoked_at IS NULL`);
+    // revoke only flips a row that is not already revoked, so a second call changes 0 rows -> false,
+    // and the original revoked_at timestamp is never overwritten.
+    const revokeStmt = db.prepare(`UPDATE remote_devices SET revoked_at = ? WHERE id = ? AND revoked_at IS NULL`);
+    const touchStmt = db.prepare(`UPDATE remote_devices SET last_active = ? WHERE id = ? AND revoked_at IS NULL`);
+    return {
+        insert(input, now = Date.now()) {
+            insertStmt.run(input.id, input.name, toBase64Url(input.keys.d2p), toBase64Url(input.keys.p2d), toBase64Url(input.devicePublicKey), now);
+            return { id: input.id, name: input.name, createdAt: now, lastActive: null, revokedAt: null };
+        },
+        getLiveSession(deviceId) {
+            const row = liveSessionStmt.get(deviceId);
+            return row ? toSession(row) : null;
+        },
+        liveSessions() {
+            return liveSessionsStmt.all().map(toSession);
+        },
+        list(includeRevoked = false) {
+            const rows = (includeRevoked ? listStmt : listActiveStmt).all();
+            return rows.map(toRecord);
+        },
+        get(deviceId) {
+            const row = getMetaStmt.get(deviceId);
+            return row ? toRecord(row) : null;
+        },
+        revoke(deviceId, now = Date.now()) {
+            return revokeStmt.run(now, deviceId).changes > 0;
+        },
+        touchActive(deviceId, now = Date.now()) {
+            touchStmt.run(now, deviceId);
+        },
+    };
+};
+// Persistent DeviceSessionProvider — no cache. get()/candidates() read the store live, so a revoke()
+// write makes the next inbound frame fail in the M3 bridge (resolveAndOpen -> get null / candidate
+// gone -> drop + audit 'no_session'). Zero bridge change for the persistence half (invariant 5).
+export const createPersistentDeviceSessionProvider = (store) => ({
+    get: (deviceId) => store.getLiveSession(deviceId),
+    candidates: () => store.liveSessions(),
+});

package/dist/src/server/remote-frame-bridge.d.ts ADDED Viewed

@@ -0,0 +1,102 @@
+import { type Direction } from '../shared/remote-crypto.js';
+import { type HttpResponseHead } from '../shared/remote-protocol.js';
+import type { RemoteAuditStore } from './remote-audit-store.js';
+import { type DeviceSessionProvider } from './remote-device-session.js';
+/** A loopback HTTP request in flight. The bridge feeds it body chunks then end()s it. */
+export interface LoopbackHttpRequest {
+    onData(chunk: Uint8Array): void;
+    onEnd(): void;
+    abort(): void;
+}
+export interface LoopbackHttpHandlers {
+    onHead(head: HttpResponseHead): void;
+    onBody(chunk: Uint8Array): void;
+    onEnd(): void;
+    onError(err: Error): void;
+}
+/** A loopback WS connection in flight. */
+export interface LoopbackWsConnection {
+    onData(data: Uint8Array, isText: boolean): void;
+    onClose(): void;
+    abort(): void;
+}
+export interface LoopbackWsHandlers {
+    onOpen(): void;
+    onMessage(data: Uint8Array, isText: boolean): void;
+    onClose(): void;
+    onError(err: Error): void;
+}
+export interface LoopbackTransports {
+    openHttp(args: {
+        port: number;
+        method: string;
+        path: string;
+        headers: Record<string, string>;
+    }, handlers: LoopbackHttpHandlers): LoopbackHttpRequest;
+    openWs(args: {
+        port: number;
+        path: string;
+        headers: Record<string, string>;
+    }, handlers: LoopbackWsHandlers): LoopbackWsConnection;
+}
+export interface FrameBridgeContext {
+    loopbackPort: number;
+    loopbackSecret: string;
+    deviceSessions: DeviceSessionProvider;
+    audit: RemoteAuditStore;
+    /**
+     * The daemon's own id (config.getDaemonId()). M6.1: it is bound into the per-connection HKDF info,
+     * so it MUST be the SAME value the phone put in its HandshakeIds.daemonId — a mismatch diverges the
+     * info strings and EVERY Hello fails to open (total outage). Sourced at socket-open time in
+     * remote-tunnel.ts (guarded non-null; the tunnel can't be online without it).
+     */
+    daemonId: string;
+    /**
+     * Injected loopback transports. Production omits this and gets the real node:http / ws clients;
+     * unit tests pass a stub so a single bridged request is observable without real I/O. Carried on
+     * the context (not a separate arg) so the tunnel's `createBridge: (ctx) => createFrameBridge(ctx)`
+     * wiring is untouched and a test can simply add the field.
+     */
+    loopbackTransports?: LoopbackTransports;
+    /**
+     * Seam: the per-connection daemon salt source. Defaults to the crypto export; a test injects a
+     * deterministic-but-distinct generator so it can recompute the connKey + nonce. NOT a mock — the
+     * real HKDF still runs over whatever bytes this returns.
+     */
+    generateConnSalt?: () => Uint8Array;
+    /**
+     * Observation hook (NOT a mock): fires for every daemon->phone seal with the REAL AEAD key + REAL
+     * 12-byte header. Lets the no-(key,nonce)-reuse + no-downgrade invariants be mutation-tested by a
+     * recorder; the production sealNext still runs unchanged.
+     */
+    onSeal?: (rec: {
+        key: Uint8Array;
+        direction: Direction;
+        headerBytes: Uint8Array;
+    }) => void;
+}
+export interface FrameBridge {
+    attachSocket(send: (frame: Uint8Array) => void): void;
+    onInbound(frame: ArrayBuffer | Uint8Array): void;
+    /**
+     * Tear down every in-flight stream. `keepSink` distinguishes the two callers:
+     *   - socket teardown (onSocketDown / revokeAndStop / close): the outbound socket is gone, so we
+     *     also null the sink (keepSink omitted/false) and audit a session_close.
+     *   - gateway 'peer-offline' control: the daemon socket STAYS OPEN (the gateway just told us the
+     *     phone dropped its streams). We reset the in-flight streams but MUST keep `send` live so the
+     *     phone can re-establish streams on the same socket after 'peer-online'. Audited as a
+     *     stream-reset, not a session_close.
+     */
+    resetAllStreams(reason: string, opts?: {
+        keepSink?: boolean;
+    }): void;
+    /**
+     * Close ONE device's in-flight streams (M4 revoke closed loop). Unlike resetAllStreams this leaves
+     * other devices + the outbound sink untouched, so revoking device A never tears down device B. The
+     * per-device opener/sealer is dropped too, so a re-pair of the same id starts from clean crypto
+     * state. The persistent provider's revoke (the security-load-bearing half) already makes NEW frames
+     * fail with no_session; this is the best-effort liveness half that kills an ALREADY-open stream now.
+     */
+    closeDevice(deviceId: string, reason: string): void;
+}
+export declare const createFrameBridge: (ctx: FrameBridgeContext) => FrameBridge;